IoT (“Internet of Things”) self-segmented blocks

ABSTRACT

Methods for secure communication transmission are provided. Methods include shredding a secure communication into a first plurality of communication segments using a first fine-grain shredding algorithm. Methods include creating a first recombination key suitable for recombining data subjected to the first shredding algorithm. Methods include transmitting each of the first plurality of communication segments and the first recombination key to an intermediary device. Methods include shredding the first plurality of communication segments using a second fine-grain shredding algorithm. Methods include creating a second recombination key suitable for recombining data subjected to the second shredding algorithm. Methods include transmitting the second plurality of communication segments and the first and second recombination key to a target device. Methods include recombining the second plurality of communication segments into the first plurality of communication segments using the first key. Methods include recombining the first plurality of communication segments using the second key.

FIELD OF THE INVENTION

This invention relates to a network of devices. Specifically, this invention relates to securing communications between the devices.

BACKGROUND OF THE INVENTION

The Internet of Things (“IoT”) may be loosely characterized as the interaction and communication between various physical objects. The physical objects are typically embedded with computing and communication capabilities.

The physical objects, or IoT devices, may include refrigerators, lights, smartphones, smartwatches, computers, laptops, tablets, sinks, hot water heaters, coffee machines, ovens, vehicles, thermostats and any other suitable objects.

Each of the IoT devices may be configured to communicate with other IoT devices. Because IoT devices are manufactured by different manufacturers using various manufacturing standards in multiple locations, it may be difficult to instantiate communication between devices. Therefore, many times, manufacturers use simple, legacy protocols to facilitate communication between the various IoT devices.

IoT devices, such as a tablet, smartphone or laptop, may have access to and/or include sensitive information. Communications between IoT devices may include the sensitive information. Thus, it may be imperative to secure all communications between the IoT devices to maintain the confidentiality of the sensitive information.

Therefore, it may be desirable to transform the communications into self-segmented blocks prior to transmission. It may be further desirable for the self-segmented blocks to preserve the confidentiality of communication between IoT devices.

SUMMARY OF THE DISCLOSURE

A system for secure communication transmission between a source device and a target device via a plurality of devices is provided. The system may include the source device. The source device may be configured to create and/or receive a secure communication. The source device may shred, using a first fine-grain shredding algorithm, the secure communication into a first plurality of communication segments. The source device may also create a first recombination key suitable for combining data subjected to the first fine-grain shredding algorithm.

The source device may transmit each of the first plurality of communication segments and the first recombination key to an intermediary device. The intermediary device may be one of the plurality of devices.

The source device may destroy the first recombination key, the plurality of communication segments and the secure communication resident on the source device.

The system may include the intermediary device. The intermediary device may shred the first plurality of communication segments into a second plurality of communication segments using a second fine-grain shredding algorithm.

The intermediary device may create a second recombination key suitable for combining data subjected to the second fine-grain shredding algorithm. The intermediary device may merge the first recombination key with the second recombination key into a third recombination key.

The intermediary device may transmit each of the second plurality of communication segments and the third recombination key to the target device.

The intermediary device may destroy the first recombination key, the second recombination key, the third recombination key and the plurality of communication segments resident on the intermediary device.

The target device may separate the third recombination key into the first recombination key and the second recombination key. The target device may recombine the second plurality of communication segments into the first plurality of communication segments using the second recombination key. The target device may also recombine the first plurality of communication segments into the secure communication at the target device.

BRIEF DESCRIPTION OF THE DRAWINGS

The objects and advantages of the invention will be apparent upon consideration of the following detailed description, taken in conjunction with the accompanying drawings, in which like reference characters refer to like parts throughout, and in which:

FIG. 1 shows an illustrative flow chart in accordance with principles of the invention;

FIG. 2 shows another illustrative flow chart in accordance with principles of the invention;

FIG. 3 shows an illustrative diagram in accordance with principles of the invention;

FIG. 4 shows another illustrative diagram in accordance with principles of the invention;

FIG. 5 shows another illustrative flow chart in accordance with principles of the invention; and

FIG. 6 shows another illustrative diagram in accordance with principles of the invention.

DETAILED DESCRIPTION OF THE DISCLOSURE

A method for transmitting secure communications from a source device to a target device via a plurality of devices is provided. The method may include creating and/or receiving a secure communication at the source device.

Exemplary source devices include IoT devices, such as thermostats, refrigerators, human-wearable devices and any other suitable devices. The secure communication may include proprietary information, such as personal identification numbers, identification information, bank account numbers, credit card information and other such privileged information. The secure communication may be generated, created and/or received at the source device. In some embodiments, a user may enter secure information into an IoT device.

The method may include shredding the secure communication into a first plurality of communication segments. The shredding may be executed using a first fine-grain shredding algorithm. It should be appreciated that the first fine-grain shredding algorithm may be similar to a fine-grain shredder that utilizes multiple-angled cuts to shred physical papers.

The method may include creating a first recombination key suitable for recombining data subjected to the first fine-grain algorithm. The key creation and/or generation process may occur at the source device.

The method may include transmitting each of the first plurality of communication segments and the first recombination key to an intermediary device.

In some embodiments, the first plurality of communication segments may be transmitted directly to the target device. In these embodiments, the first recombination key may or may not be transmitted directly to the target device. In some instances, the first recombination key may be transmitted to one or more intermediary devices, which transmit the first recombination key to the target device.

The method may include destroying the first recombination key and/or the plurality of communication segments stored at the source device. The destruction step may heighten the security as follows. In the event that the source device becomes compromised, the secure communication is no longer stored at the source device and therefore cannot become compromised.

The method may include shredding the first plurality of communication segments into a second plurality of communication segments. The shredding may be executed using a second fine-grain shredding algorithm. It should be appreciated that the second fine-grain shredding algorithm may be similar to fine-grain shredders that utilize multiple-angled cuts to shred physical papers.

The method may include creating and/or generating a second recombination key suitable for recombining data subjected to the second fine-grain shredding algorithm. The second recombination key creation and/or generation may be performed at the intermediary device.

The method may include merging the first recombination key with the second recombination key into a third recombination key.

The method may include transmitting each of the second plurality of communication segments and the third recombination key to the target device.

The method may include destroying the first recombination key, the second recombination key, the third recombination key and/or the plurality of communication segments stored at the intermediary device.

The method may include separating the third recombination key into the first recombination key and the second recombination key at the target device.

The method may include recombining the second plurality of communication segments into the first plurality of communication segments using the second recombination key. The method may include recombining the first plurality of communication segments into the secure communication at the target device.
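The summary and the method steps above, carried through end to end as an added Python example (not code from the patent). The page does not define the fine-grain shredding algorithm or the key format, so the fixed-size split with a random permutation, the JSON key layout and the names `shred`, `recombine`, `merge_keys`, `separate_keys` and `transmit` are all assumptions; the destruction steps are omitted, and recombination follows the order given in the summary (second key first, then first key).

```python
from __future__ import annotations

import json
import secrets

# Constructed sample secure communication (not from the page).
SAMPLE = b"PIN=4921;ACCT=000123456789;EXP=0130"


def shred(parts: list[bytes], segment_size: int) -> tuple[list[bytes], dict]:
    """Assumed stand-in for a 'fine-grain shredding algorithm'.

    Joins the incoming parts, cuts the stream into fixed-size pieces and
    shuffles them. The recombination key records the shuffle order and the
    lengths of the incoming parts so the previous stage can be rebuilt.
    """
    if segment_size < 1:
        raise ValueError("segment_size must be >= 1")
    stream = b"".join(parts)
    pieces = [stream[i:i + segment_size]
              for i in range(0, len(stream), segment_size)]
    order = list(range(len(pieces)))
    secrets.SystemRandom().shuffle(order)      # OS-backed randomness
    segments = [pieces[k] for k in order]      # segments[n] is pieces[order[n]]
    key = {"order": order, "lengths": [len(p) for p in parts]}
    return segments, key


def recombine(segments: list[bytes], key: dict) -> list[bytes]:
    """Undo one shred() stage; reject a key that does not fit the segments."""
    order = key["order"]
    if sorted(order) != list(range(len(segments))):
        raise ValueError("recombination key does not match the segments")
    pieces = [b""] * len(segments)
    for position, original_index in enumerate(order):
        pieces[original_index] = segments[position]
    stream = b"".join(pieces)
    if sum(key["lengths"]) != len(stream):
        raise ValueError("recombination key lengths do not match the data")
    parts, offset = [], 0
    for length in key["lengths"]:
        parts.append(stream[offset:offset + length])
        offset += length
    return parts


def merge_keys(first_key: dict, second_key: dict) -> str:
    """Intermediary: merge the first and second keys into a third key."""
    return json.dumps({"first": first_key, "second": second_key})


def separate_keys(third_key: str) -> tuple[dict, dict]:
    """Target: separate the third key back into the first and second keys."""
    merged = json.loads(third_key)
    return merged["first"], merged["second"]


def transmit(message: bytes) -> dict:
    """Source -> intermediary -> target, as in the steps above."""
    # Source device: first shredding stage and first recombination key.
    first_segments, first_key = shred([message], segment_size=8)

    # Intermediary device: second stage applied to the first plurality.
    second_segments, second_key = shred(first_segments, segment_size=3)
    third_key = merge_keys(first_key, second_key)

    # Target device: separate the keys, then undo the stages in reverse order.
    k1, k2 = separate_keys(third_key)
    rebuilt_first = recombine(second_segments, k2)
    recovered = recombine(rebuilt_first, k1)[0]

    return {
        "first_segments": first_segments,
        "second_segments": second_segments,
        "third_key": third_key,
        "recovered": recovered,
    }


if __name__ == "__main__":
    result = transmit(SAMPLE)
    print("on the wire:", result["second_segments"])
    print("recovered  :", result["recovered"])
```

Reordering alone hides nothing from a party that captures both the segments and the merged key, so the channel that carries the third recombination key still needs its own protection.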

Apparatus and methods described herein are illustrative. Apparatus and methods in accordance with this disclosure will now be described in connection with the figures, which form a part hereof. The figures show illustrative features of apparatus and method steps in accordance with the principles of this disclosure. It is to be understood that other embodiments may be utilized and that structural, functional and procedural modifications may be made without departing from the scope and spirit of the present disclosure.

The steps of methods may be performed in an order other than the order shown or described herein. Embodiments may omit steps shown or described in connection with illustrative methods. Embodiments may include steps that are neither shown nor described in connection with illustrative methods.

Illustrative method steps may be combined. For example, an illustrative method may include steps shown in connection with another illustrative method.

Apparatus may omit features shown or described in connection with illustrative apparatus. Embodiments may include features that are neither shown nor described in connection with the illustrative apparatus. Features of illustrative apparatus may be combined. For example, an illustrative embodiment may include features shown in connection with another illustrative embodiment.

FIG. 1 shows illustrative system architecture 100. Architecture 100 may represent an internet of things (“IoT”). A differentiator between IoT and conventional networks is a traffic profile. In an IoT, nodes may not have defined or known network positions, communication protocols or security services. Solutions that allow architecture 100 to function seamlessly and leverage such disparate components are disclosed herein.

Architecture 100 may include nodes. Each node may include two or more nodes. FIG. 1 shows exemplary nodes 101, 103, 105, 107 and 109. The architecture includes sensors 103. Sensors 103 may include devices that detect changes in a physical or virtual environment. For example, sensors may measure audio, rainfall, temperature or water levels. Sensors may measure electronic network traffic, electronic signals (e.g., input or output) or frequency of user logins from within a predefined geographic area.

Sensors may be any suitable size. For example, sensors may be a few millimeters in size. Sensors may be deployed in a wide variety of locations. For example, sensors may be deployed in military battlefields, industrial plants, in orchards, in clothing, automobiles, smart phones, jewelry or refrigerators. Sensors may be relatively inexpensive and have low energy consumption. Sensors may “sense” one or more stimuli or environmental changes.

Sensors may implement one or more functions. For example, sensors may measure changes in their native environment, capture data related to the measured changes, and store and communicate the captured data. Sensors may be accessed by other sensors or any other node. Sensors may transmit captured data to another node. Sensors may broadcast captured data to one or more nodes.

Captured data may be transmitted using any suitable transmission method. For example, data captured by a sensor may be extracted by a mobile phone. Sensors may leverage a communication link provided by a mobile phone to communicate captured data to another node.

Each sensor may be a node and each sensor may be assigned a unique identifier. For example, sensors may be identified by one or more radio frequency identification (“RFID”) tags. The RFID tag may be stimulated to transmit identity information about the sensor or any other information stored on the RFID tag.

Captured data may be transmitted by the sensor and processed far from the location of the sensor that captured the data. For example, captured data may be transmitted from one node to another node until the captured data reaches data repository 101.

Sensors may be positioned at, and capture data from, diverse locations. Locations may include geographic locations or virtual locations on electronic networks. Captured data may be transmitted to a location where information is needed for decisioning or consumption, which may not be the same place the data was captured or generated. Data synchronization protocols and caching techniques may be deployed to ensure availability of information at, or delivery to, a desired node. For example, a location where data is captured may not have continuous reliable network connectivity. Accordingly, captured data may be stored locally on the sensor for an amount of time prior to transmission or broadcast to another node.

Contextually, captured data may provide information not only about the physical environment surrounding a sensor, but the capturing of data from multiple sensors may provide data that signifies an event. Sensors may be grouped. Sensors may be grouped based on physical proximity or based on the content (or expected content) of data captured. Sensors may be grouped virtually. Other nodes, such as data analysis engine 109, may create and/or be included in such groups. In some embodiments, the captured data may be organized by data repository 101.

Based on data captured from sensors 103, actuators 107 may respond to a detected event. Based on the capture and analysis of multiple sources of data, actuators 107 may be instructed to take action without human intervention.

Generally, sensors and other nodes that form part of architecture 100 may include a processor circuit. The processor circuit may control overall operation of a node and its associated components. A processor circuit may include hardware, such as one or more integrated circuits that form a chipset. The hardware may include digital or analog logic circuitry configured to perform any suitable operation.

A processor circuit may include one or more of the following components: I/O circuitry, which may include a transmitter device and a receiver device and may interface with fiber optic cable, coaxial cable, telephone lines, wireless devices, PHY layer hardware, a keypad/display control device or any other suitable encoded media or devices; peripheral devices, which may include counter timers, real-time timers, power-on reset generators or any other suitable peripheral devices; a logical processing device, which may compute data structural information, structural parameters of the data, quantify indices; and machine-readable memory.

Machine-readable memory may be configured to store, in machine-readable data structures: captured data, electronic signatures of biometric features or any other suitable information or data structures. Components of a processor circuit may be coupled together by a system bus, wirelessly or by other interconnections and may be present on one or more circuit boards. In some embodiments, the components may be integrated into a single chip. The chip may be silicon-based.

The node may include RAM, ROM, an input/output (“I/O”) module and a non-transitory or non-volatile memory. The I/O module may include a microphone, button and/or touch screen which may accept user-provided input. The I/O module may include one or more of a speaker for providing audio output and a video display for providing textual, audiovisual and/or graphical output.

Software applications may be stored within the non-transitory memory and/or other storage medium. Software applications may provide instructions to the processor for enabling a node to perform various functions. For example, the non-transitory memory may store software applications used by a node, such as an operating system, application programs, and an associated database. Alternatively, some or all of computer executable instructions of a node may be embodied in hardware or firmware components of the node.

Software application programs, which may be used by a node, may include computer executable instructions for invoking user functionality related to communication, such as email, short message service (“SMS”), and voice input and speech recognition applications. Software application programs may utilize one or more algorithms that request alerts, process received executable instructions, perform power management routines or other suitable tasks.

As shown in FIG. 1, a node may operate in a networked environment. A node may be part of two or more networks. A node may support establishing network connections to one or more remote nodes. Such remote nodes may be sensors, actuators or other computing devices. Nodes may be personal computers or servers. Network connections may include a local area network (“LAN”) and a wide area network (“WAN”), and may also include other networks. When used in a LAN networking environment, a node may be connected to the LAN through a network interface or adapter. The communication circuit may include the network interface or adapter.

When used in a WAN networking environment, a node may include a modem or other circuitry for establishing communications over a WAN, such as the Internet. The communication circuit may include the modem.

The existence of any of various well-known protocols such as TCP/IP, Ethernet, FTP, HTTP and the like is presumed, and a node can be operated in a client-server configuration to permit a user to retrieve web pages from a web-based server. Web browsers can be used to display and manipulate data on web pages.

Nodes may include various other components, such as a battery, speaker, and antennas. Network nodes may be portable devices such as a laptop, tablet, smartphone, “smart” devices (e.g., watches, eyeglasses, clothing having embedded electronic circuitry) or any other suitable device for receiving, storing, transmitting and/or displaying relevant information.

A node may include a display constructed using organic light emitting diode (“OLED”) technology. OLED technology may enhance functionality of a node. OLEDs are typically solid-state semiconductors constructed from a thin film of organic material. OLEDs emit light when electricity is applied across the thin film of organic material. Because OLEDs are constructed using organic materials, OLEDs may be safely disposed without excessive harm to the environment.

Furthermore, OLEDs may be used to construct a display that consumes less power compared to other display technologies. For example, in a Liquid Crystal Display, power must be supplied to the entire backlight, even to illuminate just one pixel in the display. In contrast, an OLED display does not necessarily include a backlight. Furthermore, in an OLED display, preferably, only the illuminated pixel draws power.

The power efficiency of OLED technology presents a possibility for designing nodes that provide enhanced security and functionality. Illustrative devices that may be constructed using OLED technology are disclosed in U.S. Pat. No. 9,665,818, which is hereby incorporated by reference herein in its entirety.

A node may be operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well-known computing systems, environments, and/or configurations that may be suitable for use with the invention include, but are not limited to, personal computers, server computers, handheld or laptop devices, tablets, “smart” devices (e.g., watches, eyeglasses, clothing having embedded electronic circuitry), mobile phones and/or other personal digital assistants (“PDAs”), multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.

Nodes may utilize computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. A node may be operational with distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices. Nodes may rely on a network of remote servers hosted on the Internet to store, manage, and process data (e.g., “cloud computing”).

Nodes may include a battery. The battery may be a power source for electronic components of the node. For example, the battery may supply power to the display, the communication circuit and the processor circuit. In some embodiments, a node may include a plurality of batteries. Nodes may include solar panels that convert solar energy into electricity that powers one or more components of a node.

Sensors in a single architecture or other grouping may be produced by different manufacturers. Sensors may capture data in different formats. For example, sensors may use different data structures to package captured data. Sensors 103 may utilize different communication protocols to transmit captured data or communicate with other nodes. Despite such operational differences, sensors 103 may operate substantially seamlessly together. Interoperability may allow captured data to be substantially seamlessly captured and interpreted by data analysis engine 109. Based on interpreting the captured data, data analysis engine 109 may issue instructions to actuators 107.

Interoperability may be implemented across any suitable nodes of architecture 100. Interoperability may enable communication between sensors 103 and other nodes. Interoperability may enable architecture 100 to provide services and applications via actuators 107. Interoperability may allow services and content to be provided anywhere, anytime and based on input/output of different nodes.

Data gathering by one or more of sensors 103 may be controlled by one or more other nodes of architecture 100. For example, data analysis engine 109 may control a quantity of data captured by sensors 103. Alternatively, data repository 101 and/or analysis engine 109 may filter or otherwise intelligently process data captured by sensors 103.

Timing of when data is captured by sensors 103 may be controlled by any suitable node on architecture 100. For example, data may be captured in real-time or at pre-defined intervals such as once a day. Data may also be captured in response to a detected environmental status change.

Data analysis engine 109 may filter data captured by sensors 103. Data analysis engine 103 may repackage or reformat captured data. Data conversion may include transformation of low level raw data (possibly from multiple sensors or groups of sensors) into meaningful information for a target audience or for a target analysis.

For example, captured data intended for human consumption or interaction may be converted into a human understandable format. Captured data intended for machine consumption may be converted into a format readable by a particular machine or node.

Data analysis engine 109 may perform pattern recognition to identify correlations and trends in captured data. Data analysis engine 109 may also evaluate a cost of obtaining data. “Costs” may be monetary (e.g., labor costs or infrastructure costs), time-related or related to a level of intrusion needed to obtain desired data. “Costs” may be bandwidth-related.

For example, a communication link may be associated with a fixed bandwidth. The bandwidth may limit an amount of information or a rate of transmission over the communication link.

For example, a sensor may respond slowly to a request from another node if there is a large amount of informational traffic traveling on a communication link shared with other nodes. The large amount of informational traffic may not leave sufficient bandwidth for the transmitting node to timely communicate with the requesting node.

As a further example, a sensor may respond slowly if the sensor transmits a large amount of captured data. The large amount of information transmitted by the sensor, together with other informational traffic traveling on the shared communication link, may be close to, or exceed, the bandwidth of the communication link. As a result, sensors may be unable to transmit captured data in a timely manner.

Data travelling within architecture 100 to/from nodes may be routed along multiple communication links until the transmitted information reaches a desired destination node (e.g., data analysis engine 109). Each communication link may service a number of connected nodes and a respective volume of informational traffic.

It may be difficult to ascertain available bandwidth on a particular communication link. It may be difficult to ascertain which communication links are being utilized to transmit information between nodes. Nodes attempting to transmit information over a communication link may not be aware of a number of connected nodes, a volume of traffic on a particular communication link or a bandwidth capacity of a communication link.

Furthermore, a communication link may be controlled by a different entity from an entity responsible for operation of a particular node. The entity responsible for operation of the node may be unable to monitor a number of nodes that share a communication link, a bandwidth capacity of a communication link or a volume of traffic transmitted on a communication link. Despite difficult-to-predict conditions on a communication link, it would be desirable for a node to timely respond to a request for information or timely receive desired information.

Sensors 103 may belong to, or be operated by, different administrative/management domains. Sensors 103 may be operated by different domains without expressly-defined relationships among such domains. The absence of express relationships enables access to data captured by sensors 103 by one or more architectures having one or more features in common with architecture 100. Groups of sensors may include sensors from two or more administrative domains.

Data repository 101 may receive data captured by sensors 103. In some embodiments, data captured by sensors 103 may be transmitted directly to data analysis engine 109. Data stored in repository 101 may be sorted and analyzed by data analysis engine 109. Data stored in data repository 101 may be so voluminous and complex (e.g., structured/unstructured and/or constantly changing) that traditional data processing application software may be inadequate to meaningfully process the data (e.g., “big data”). Data analysis engine 109 may include software applications specially designed to process large volumes of data (“big data analytics”).

Based on captured data, data analysis engine 109 may optimize processes, reduce loss (e.g., fraud), improve customer understanding and targeting, increase automation, decrease latency in products and/or services provided by actuators 107 and identify new analytical models that may utilize data captured by sensors 103.

Architecture 100 may include one or more layers of software applications. Software applications may implement a variety of functions and provide varied services to nodes of architecture 100. Software applications running on data analysis engine 109 may submit requests to sensors 103 for retrieval of specific data to achieve a functional goal provided by actuators 107. Software applications may control data captured by sensors 103 or actions taken by actuators 107. Software applications may control a flow of information within architecture 100.

Software applications may be implemented on a node. A node may be an enterprise system or a “cloud” of computing devices. On-device applications may be dependent on a specific hardware configuration. Such hardware requirements may preferably be minimal, such as an extension of the OS/firmware of the device. For example, illustrative software applications for sensors may include TinyOS, Linux, Contiki and RIOT.

Software applications may include middleware. Middleware may connect an operating system or database to other software applications. Middleware may configure and manage hardware such as sensors (e.g., to achieve a target functionality). Middleware may be responsible for aggregating data captured by sensors 103 and passing captured data to data repository 101 and/or data analysis engine 109.

Software applications may provide security services that mitigate threats to the integrity of data captured by sensors 103 or architecture 100 generally.

Actuators 107 may respond to data transmitted or processed by other nodes such as data analysis engine 109. Actuators 107 may include devices that modify the physical state of a physical entity. Actuators 107 may include devices that modify a virtual state of information. For example, actuators 107 may move (translate, rotate, etc.) physical objects or activate/deactivate functionalities of more complex ones. An actuator may dim a light bulb, open a door, change a temperature setting, authorize access to an automated-teller-machine (“ATM”) and/or any other suitable functionality. Actuators 107 may verify identities, trigger electronic payments, extend credit or debit accounts.

Within an intelligent networked system such as architecture 100, sensors 103 perform the functions of input devices—they serve as, for example, “eyes,” collecting information about their environment. In contrast, actuators 107 act as “hands,” implementing decisions based on data captured by sensors 103. A single node may include the functions of sensors and actuators.

Actuators 107 may communicate with data analysis engine 109 and sensors 103. Actuators 107 may include an application programming interface (“API”) for communicating with other nodes. Actuators 107 may communicate directly with other nodes using machine-to-machine (“M2M”) protocols. Illustrative M2M protocols may include MQ Telemetry Transport (“MQTT”). M2M includes communication between two or more objects without requiring direct human intervention. M2M communications may automate decision and communication processes for actuators 107.

In the absence of express relationships between sensors and the devices that access data captured by the sensors, traditional approaches for managing trust, security naming, discovery, or other traditional network services may not be applicable or available. Methods and apparatus for transmitting secure communications from a source device, such as an IoT device, to a target device, via a plurality of devices are provided. Various shredding algorithms may be applied to one or more of the secure communications at different points during the communication process.

Generally, nodes of architecture 100 may interact and cooperate using one or more interaction paradigms. Exemplary interaction paradigms include client-server and peer-to-peer interactions. Illustrative communication protocols may include HyperText Transfer Protocol (“HTTP”), Simple Object Access Protocol (“SOAP”), REpresentational State Transfer (“REST”), Constrained Application Protocol (“CoAP”) or SensorML.

As a result of the disparate nature of sensors 103, an architecture, such as architecture 100 incorporating sensors 103, may support a variety of communication protocols. Illustrative supported protocols may include IEEE 802.15.4 (“ZigBee”), IEEE 802.11, 3G and 4G and LTE. For example, ZigBee requires approximately 20 to 60 mW (for 1 mW transmission power, a range of 10 to 100 meters and a data transmission rate of 250 kbit/s).

To conserve energy, a sensor may communicate wirelessly for short periods of time. Utilizing this approach, one or more standard size single cell cylindrical dry battery batteries (e.g., AA size) may provide requisite computing power and wireless communication for many months.

Communication protocols used by nodes (e.g., sensors or actuators) may not have, or may not be capable of having, security capabilities. A security layer or buffer may be implemented by nodes that receive or rely on data captured by insecure sensors. Sensors or other nodes may be dynamically added or removed from an architecture. A security layer or buffer may be modular to scale quickly and meet growth/contraction requirements.

A physical layer may physically link nodes of architecture 100. The function of this physical layer is to provide communication pathways to carry and exchange data and network information between multiple sub-networks and nodes.

FIG. 2 shows illustrative sensors 200. Sensors 200 may include one or more features of sensors 103 (shown in FIG. 1). Sensors 200 include biometric sensors 203 that sense biometric attributes. For example, biometric sensors may be embedded in “smart” clothing 209 that monitors a wearer's physical condition. Such clothing may capture biometric data, such as pulse rate, temperature, muscle contraction, heart rhythm and physical movement. Smart clothing may be linked to smart phone 219 such as via a Bluetooth® communication link. Smart phone 219 may transmit data captured by smart clothing 209 to one or more other network nodes.

Biometric sensors 203 may include other illustrative sensors such as heart monitor 211, sleep monitor 213, smart watch 219, smart phone 219 and automobile 215.

Sensors 200 may include personal use devices 205. Personal use devices 205 may include sensors embedded in home appliances 221, productivity devices 223 or entertainment devices 225. Productivity devices 223 may include tablets, laptops or other personal computing devices. Entertainment devices may include gaming consoles and the like.

Sensors 200 also include third-party devices 207. Third-party devices may include devices that are not under the direct or exclusive control of a user. A user may interact with third-party devices 207 to obtain a desired service provided by the third-party.

Exemplary third party devices include smart card 227. Smart card 227 may function as a purchasing instrument. Illustrative purchasing instruments may conform to specifications published by the International Organization for Standardization. Such specifications may include: ISO/IEC 7810, ISO/IEC 7811 and ISO/IEC 7816, which are hereby incorporated herein by reference in their entireties. Suitable purchasing instruments may include a credit card, debit card and electronic purchasing devices. Such purchasing instruments may sense a location or frequency of use.

Such purchasing instruments may include “EMV” chips. EMV is a technology that derives its name from the companies (Europay, MasterCard, and Visa) that helped develop the technology. When the credit card and its associated EMV chip are inserted into a specialized card reader (another sensor), the reader powers the EMV chip and the EMV chip generates a new authorization code each time the credit card is used. The EMV chip may capture transaction data such as amounts, location or identity of the chip reader.

Third-party sensors 207 may include ATMs 229, point-of-sale terminals (“POS”) 231 and public transit 235. Such devices may also be actuators.

Third-party devices may also include software applications 233. Applications 233 may be used to access services, such as an online banking portal. Such applications may detect biometric features to authorize access to the online banking portal. Third-party devices may include sensors that capture data associated with power consumption (e.g., smart grids), electronic communication traffic, logistics (package movement) or any other suitable environmental condition.

FIG. 2 shows that sensors may categorically overlap. For example, an application used to access an online bank portal may capture a biometric feature (e.g., fingerprint) to authenticate a user.

Each of the sensors shown in FIG. 2 may include different and possibly incompatible hardware. For example, sensors may each have different operating systems (or none at all), processor types and memory. Sensors 200 may be inexpensive, single-function devices with rudimentary network connectivity. Sensors 200 may be positioned in remote and/or inaccessible locations where human intervention or configuration is difficult.

To conserve power, sensors 200 may utilize 16-bit microcontrollers. Such microcontrollers may use less than 400 μW per MIPS (“million instructions per second”) and may be capable of operating TCP/IPv6 stacks with 4 kB RAM and 24 kB flash memory. As outlined in proposed Internet standard RFC 4944, which is hereby incorporated by reference in its entirety, IPv6 may be implemented over IEEE 802.15.4 (e.g., ZigBee) based wireless communication standards.

Furthermore, because of potentially disparate features and characteristics of sensors 200, security solutions disclosed herein may be used to verify an authenticity of data transmitted by sensors having disparate hardware and software capabilities.

FIG. 3 shows an illustrative diagram in accordance with principles of the invention. Secure communication 308 may be transmitted to source device 302. Source device 302 may be an IoT device. In some embodiments, secure communication 308 may be generated and/or created at source device 302. Secure communication 308 may include privileged and/or confidential data.

Source device 302 may shred secure communication 308. Fine grain shredding algorithm A, shown at 312, may be utilized to shred secure communication 308. In some embodiments, fine grain shredding algorithm A may be generated at source device 302. In other embodiments, fine grain shredding algorithm may be received at source device 302. The product of fine grain shredding algorithm A executed on secure communication 308 may be secure communication segments A, shown at 310.

Recombination key A, shown at 314, may be a key suitable for recombining data subjected to fine grain algorithm A, such as secure communication segments A. Therefore, recombination key A may be able to reconstruct secure communication 308 from secure communication segments A.

Secure communication segments A may be transmitted to intermediary device 304, as shown at communication 316. It should be appreciated that communication 316 may be labeled S1. Communications labeled S1 may be completed prior to communications labeled S2.

Recombination key A may be transmitted to intermediary device 304, as shown at communication 318. Communication 318 may be labeled S1, and therefore, may be completed prior to communications labeled S2.

Communication 320 may show the destruction of secure communication segments A. Communication 320 may be labeled S2. S2 may indicate that the destruction of secure communication segments A may be initiated only upon completion of communication 316 and/or 318.

Communication 322 may show the destruction of recombination key A. Communication 322 may be labeled S2. S2 may indicate that the destruction of recombination key A may be initiated only upon completion of communication 316 and/or 318.

Communication 324 may show the destruction of fine grain shredding algorithm A, shown at 312. Communication 324 may be labeled S2. S2 may indicate that the destruction of fine grain shredding algorithm A may be initiated only upon completion of communication 316 and/or 318.

Secure communication segments A may be transmitted to intermediary device 304. It should be appreciated that, in some embodiments, secure communication segments A may be transmitted in a group to intermediary device 304. In other embodiments, each of secure communication segments A may be transmitted separately to intermediary device 304.

At intermediary device 304, fine grain shredding algorithm B, shown at 326, may be applied to secure communication segments A, thereby producing secure communication segments B, shown at 328. Recombination key B, shown at 330, which may be generated, created and/or received at intermediary device 304, may be suitable for recombining data subjected to fine grain shredding algorithm B. Recombination key A and recombination key B may be combined into recombination key C, as shown at 332.

Secure communication segments B may be transmitted to target device 306, as shown at communication 334. It should be appreciated that communication 334 may be labeled I1. Communications labeled I1 may be completed prior to the commencement of communications labeled I2.

Recombination key C may be transmitted to target device 306, as shown at communication 336. It should be appreciated that communication 336 may be labeled I1. Communications labeled I1 may be completed prior to the commencement of communications labeled I2.

Communications 338, 340, 342, 344 and 346 may show the destruction of secure communication segments B, fine grain shredding algorithm B, recombination key A, recombination key B and recombination key C. Communications 338, 340, 342, 344 and 346 may be labeled I2. Therefore, communications 338, 340, 342, 344 and 346 may be instantiated upon completion of communications labeled I1.

Target device 306 may separate recombination key C into recombination keys A and B, as shown at 338. Recombination key B may be used to recombine secure communication segments B into secure communication segments A, as shown at 340. Recombination key A may then be used to recombine secure communication segments A into secure communication 308, as shown at 342.

It should be appreciated that multiple shredding algorithms with multiple intermediary devices are contemplated within the scope of the invention.

In some embodiments, a halt time stamp may be included within each recombination key. In the event that the recombination key is not utilized before the time indicated by the halt time stamp, the recombination key and/or the secure communication segments may be destroyed.

In other embodiments, at least one of the secure communication segments may include a halt time stamp. The halt time stamp may be a time stamp when a partial recombination, such as recombination of secure communication segments B into secure communication segments A, may be completed. In the event that the recombination is not completed by the halt time stamp, the secure communication segments may be destroyed.

In yet other embodiments, the halt time stamp may be a time stamp when a full recombination, such as a recombination of secure communication segments B into the secure communication, may be completed. In the event that the full recombination is not completed by the time indicated by the halt time stamp, the secure communication segments and/or the recombination key(s) may be destroyed.

The halt time stamp may heighten the security of the secure communication process. The halt time stamp may ensure that confidential data segments are not available for lengthy time periods. It is undesirable for confidential data segments to be available for lengthy time periods, because the time may allow hackers to attempt to reconstruct the data.

In some embodiments, secure communications segments 328 may include one or more pre-generation key segments. A pre-generation key segment may be hidden within a plurality of the secure communications. The pre-generation key segment may be not readily available or viewable by a user or system that may have intercepted the communication. The pre-generation key segment may be stored to be used as a recombination key for additional secure communication segments. It should be appreciated that, in these embodiments, the recombination key may not be transmitted from source device 302 to intermediary device 304.

In other embodiments, secure communication segments may be divided into sections. Each section may be shredded using a different shredding algorithm. The recombination key for each shredding algorithm may be stored in a segment that was shredded using a different algorithm. Each segment may be transmitted individually to intermediary device 304. In this manner the communications are difficult to intercept. In the event that the communications are intercepted, the communications are difficult to recombine because the recombination key has been transmitted with a different communication.

It should be appreciated that once the recombination key is used for a specific set of communication segments, it may be marked as used, and unavailable for use as a recombination key at another secure communication transmission.

FIG. 4 shows an illustrative diagram. Smart watch 402 and smart phone 408 may be worn on the body of user A, shown at 414. User A may desire to be authenticated into automated teller machine (“ATM”) 416.

At ATM 416, smart watch 402 may receive a message from ATM 416 to authenticate user A. The message may be received via Beacon, Bluetooth, NFC (near field communication) or other such communication medium. Smart watch 402 may generate and/or receive a secure authentication communication. Smart watch 402 may shred the secure authentication communication into secure communication segments A, shown at 406. Smart watch 402 may generate and/or receive recombination key A, which may be suitable for recombination of secure communication segments A into the secure communication.

Smart watch 402 may transmit secure communication segments A, shown at 406 and recombination key, shown at 404, to smart phone 408. Smart phone 408 may shred secure communication segments A into secure communication segments B. Smart phone 408 may also generate recombination key C. Recombination key C may be suitable for recombining secure communication segments B into the secure communication. Smart phone 408 may transmit secure communication segments B and recombination key C to ATM 416. Secure communication segments B may be transmitted as a group, individually or a plurality of smaller groups. Secure communication segments B may be transmitted together with recombination key C. Secure communication segments B may be transmitted in a separate communication from recombination key C.

ATM 416 may receive secure communication segments B and recombination key C. ATM 416 may recombine secure communication segments B into the secure communication using secure communication segments B, as shown at 418. The secure communication may provide a keyhole, or a method of entry for a username and password.

User A may be prompted by ATM 416 to enter a username and password. ATM 416 may receive a username and password from user A. ATM 416 may enter username and password into the secure communication, as shown at 416. If the username and password properly satisfy the keyhole of the secure communication, ATM 416 may allow access to user A.

FIG. 5 shows an illustrative flow chart. Source communication (“SC”), shown at 502, may be received, generated and/or created at source location 504. Source location 504 may shred SC into source communication segments 1 (“SC1”), as shown at 506.

A key (“SC1K”) for recombination of SC1 is created and/or generated, as shown at 508. SC1K and SC1 may be transmitted, as shown at 510, to an intermediary location, as shown at 512. SC1 may be shredded to SC2, as shown at 514. A key (“SC2K”) may be created for recombination, as shown at 516. SC1K and SC2K may be combined into a third key (“SC3K”), as shown at 518. SC3K and SC2 may be transmitted, as shown at 520, to target location 522. SC3K may be separated into SC1K and SC2K, as shown at 524.

SC2K may be used to recombine SC2 into SC1, as shown at 526. SC1K may be used to recombine SC1 into SC.
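The FIG. 5 flow (SC to SC1 to SC2 and back) and the halt time stamp embodiment, as an added Python sketch that is not part of the patent text. The patent does not define a shredding algorithm, so the chunk-and-shuffle shredder, the JSON key layout, the segment sizes and all function names are assumptions; SC3K is built as a length-prefixed concatenation of SC1K and SC2K, and the S2/I2 destruction steps are not modelled.

```python
import json
import secrets
import struct
import time


class KeyExpired(Exception):
    """A recombination key was presented after its halt time stamp."""


def shred(blob, seg_size, halt):
    """Assumed shredder: cut blob into chunks and shuffle their order.

    A permutation hides ordering only; every byte of the message is
    still present in the segments, so this is not encryption.
    """
    chunks = [blob[i:i + seg_size] for i in range(0, len(blob), seg_size)]
    order = list(range(len(chunks)))
    secrets.SystemRandom().shuffle(order)      # OS CSPRNG drives the permutation
    segments = [chunks[i] for i in order]      # segments[j] is original chunk order[j]
    key = {"order": order, "lens": [len(s) for s in segments], "halt": halt}
    return segments, json.dumps(key).encode()


def recombine(segments, key, now=None):
    """Undo shred(); if the halt time stamp has passed, destroy the segments."""
    k = json.loads(key)
    if (time.time() if now is None else now) > k["halt"]:
        segments.clear()
        raise KeyExpired("halt time stamp passed; segments destroyed")
    if [len(s) for s in segments] != k["lens"]:
        raise ValueError("segments do not match the recombination key")
    chunks = [b""] * len(segments)
    for j, i in enumerate(k["order"]):
        chunks[i] = segments[j]
    return b"".join(chunks)


def resplit(blob, key):
    """Cut a recombined byte string back into the segments that key describes."""
    out, pos = [], 0
    for n in json.loads(key)["lens"]:
        out.append(blob[pos:pos + n])
        pos += n
    return out


def merge_keys(key_a, key_b):
    """SC3K as a length-prefixed concatenation of SC1K and SC2K."""
    return struct.pack(">I", len(key_a)) + key_a + key_b


def separate_keys(key_c):
    """Split SC3K back into (SC1K, SC2K) using the 4-byte length prefix."""
    (n,) = struct.unpack(">I", key_c[:4])
    return key_c[4:4 + n], key_c[4 + n:]


def source_device(sc, halt):
    return shred(sc, 8, halt)                  # SC -> SC1 plus key SC1K


def intermediary_device(sc1, sc1k, halt):
    sc2, sc2k = shred(b"".join(sc1), 3, halt)  # SC1 -> SC2 plus key SC2K
    return sc2, merge_keys(sc1k, sc2k)         # forward SC2 and SC3K


def target_device(sc2, sc3k, now=None):
    sc1k, sc2k = separate_keys(sc3k)
    sc1 = resplit(recombine(sc2, sc2k, now), sc1k)   # SC2 -> SC1
    return recombine(sc1, sc1k, now)                 # SC1 -> SC


if __name__ == "__main__":
    message = b"constructed sample: unlock request for user A"
    deadline = time.time() + 60
    sc1, sc1k = source_device(message, deadline)
    sc2, sc3k = intermediary_device(sc1, sc1k, deadline)
    print(target_device(sc2, sc3k))
```

Passing `now` later than the halt time stamp makes `target_device` raise `KeyExpired` and empties the segment list it was given.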

FIG. 6 shows various embodiments for use of a secure communication. Secure communication segments B, shown at 602, may be recombined, at 606, using recombination key C, shown at 604.

Vehicle 612 may receive the secure communication, shown at 622. Vehicle 612 may also receive username and pin number, shown at 624. The username and pin number may be received from user A, via communication 626. Secure communication 622 may provide a keyhole for username and pin number 624. In the event that the username and pin number is authenticated, user A may be allowed access to vehicle 612.

Thermostat 610 may receive the secure communication, shown at 618. Thermostat 610 may also receive biometric identifier, shown at 620. The biometric identifier may be received from user A, via communication 628. Secure communication 688 may provide a keyhole for biometric identifier 620. In the event that the biometric identifier is authenticated, user A may be allowed access to thermostat 610.

Refrigerator 608 may receive the secure communication, shown at 614. Refrigerator 608 may also receive security code, shown at 616. The security code may be received from user A, via communication 630. In the event that the security code is authenticated, user A may be allowed access to refrigerator 608.

Thus, methods and apparatus for IoT self-segmented blocks have been provided. Persons skilled in the art will appreciate that the present invention can be practiced by other than the described embodiments, which are presented for purposes of illustration rather than of limitation, and that the present invention is limited only by the claims that follow.

What is claimed is:
 1. A system for secure communication transmission between a source device and a target device via a plurality of devices, the system comprising: the source device, said source device configured to: create and/or receive a secure communication; shred the secure communication into a first plurality of communication segments using a first fine-grain shredding algorithm; create a first recombination key suitable for recombining data subjected to the first fine-grain shredding algorithm; transmit each of the first plurality of communication segments and the first recombination key to an intermediary device, said intermediary device being one of the plurality of devices; and destroy the first recombination key, the plurality of communication segments and the secure communication resident on the source device; the intermediary device, said intermediary device configured to: shred the first plurality of communication segments into a second plurality of communication segments using a second fine-grain shredding algorithm; create a second recombination key suitable for recombining data subjected to the second fine-grain shredding algorithm; merge the first recombination key with second recombination key into a third recombination key; transmit each of the second plurality of communication segments and the third recombination key to the target device; and destroy the first recombination key, the second recombination key, the third recombination key and the plurality of communication segments resident on the intermediary device; and the target device configured to: separate the third recombination key into the first recombination key and the second recombination key; recombine the second plurality of communication segments into the first plurality of communication segments using the second recombination key; and recombine the first plurality of communication segments into the secure communication at the target device.
 2. The system of claim 1, wherein: the intermediary device is further configured to: use an encryption key/algorithm to merge the first recombination key with the second recombination into the third recombination key; transmit the encryption key/algorithm to the target device; and destroy the encryption key/algorithm at the intermediary device; and the target device is further configured to: use the encryption key/algorithm to separate the third recombination key into the first recombination key and the second recombination key.
 3. The system of claim 1, wherein the third recombination key is a concatenation of the first recombination key and the second recombination key.
 4. The system of claim 1, wherein the source device, the intermediary device and/or the target device is a human-wearable device.
 5. The system of claim 1, wherein: the target device is an Internet of Things device requiring authentication of a user; the secure communication comprises authentication information relating to the user; and the secure communication enables the user to authenticate into the target device.
 6. The system of claim 5, wherein said authentication into comprises entering a user identifier and password into the target device.
 7. The system of claim 6, wherein: the secure communication comprises an authentication channel for the user identifier and password which enables authentication into the target device.
 8. A method for transmitting secure communications from a source device to a target device via a plurality of devices, the method comprising: creating and/or receiving a secure communication at the source device; shredding, at the source device, the secure communication into a first plurality of communication segments using a first fine-grain shredding algorithm; creating, at the source device, a first recombination key suitable for combining data subjected to the first fine-grain shredding algorithm; transmitting each of the first plurality of communication segments and the first recombination key to an intermediary device, said intermediary device being one of the plurality of devices; destroying the first recombination key and/or the plurality of communication segments stored at the source device; shredding, at the intermediary device, the first plurality of communication segments into a second plurality of communication segments using a second fine-grain shredding algorithm; creating, at the intermediary device, a second recombination key suitable for combining data subjected to the second fine-grain shredding algorithm; merging the first recombination key with the second recombination key into a third recombination key; transmitting each of the second plurality of communication segments and the third recombination key to the target device; destroying the first recombination key, the second recombination key, the third recombination key and/or the plurality of communication segments stored at the intermediary device; separating the third recombination key into the first recombination key and the second recombination key at the target device; recombining the second plurality of communication segments into the first plurality of communication segments using the second recombination key; and recombining the first plurality of communication segments into the secure communication at the target device.
 9. The method of claim 8, wherein the source device, the intermediary device and/or the target device is a human-wearable device.
 10. The method of claim 8, wherein: the target device is a device requiring authentication of a user; the secure communication comprises authentication information relating to the user; and the secure communication enables the user to authenticate into the target device.
 11. The method of claim 10, wherein said authenticating into comprises entering a user ID and password into the target device.
 12. The method of claim 11, wherein said user ID and password correspond to information in the secure communication.
 13. A system for secure communication transmission between a source device and a target device via a plurality of devices, the system comprising: the source device, said source device configured to: create and/or receive a secure communication; shred the secure communication into a first plurality of communication segments using a first fine-grain shredding algorithm; create a first recombination key suitable for recombining data subjected to the first fine-grain shredding algorithm; store a second recombination key in the first plurality of communication segments, the second recombination key suitable for recombining data subjected to a second fine-grain algorithm; transmit each of the first plurality of communication segments and the first recombination key to an intermediary device, said intermediary device being one of the plurality of devices; and the intermediary device, said intermediary device configured to: shred the first plurality of communication segments into a second plurality of communication segments using a third fine-grain shredding algorithm; create a third recombination key suitable for recombining data subjected to the second fine-grain shredding algorithm; merge the first recombination key with third recombination key into a fourth recombination key; transmit each of the second plurality of communication segments and the fourth recombination key to the target device; store the second recombination key to be used as a recombination key for a future secure communication, said future secure communication being shredded using the second fine-grain algorithm; and the target device configured to: separate the fourth recombination key into the first recombination key and the third recombination key; recombine the second plurality of communication segments into the first plurality of communication segments using the third recombination key; and recombine the first plurality of communication segments into the secure communication at the target device using the first recombination key.
 14. The system of claim 13, wherein: the intermediary device is further configured to: use an encryption key/algorithm to merge the first recombination key with the third recombination into the fourth recombination key; and transmit the encryption key/algorithm to the target device; and the target device is further configured to: use the encryption key/algorithm to separate the fourth recombination key into the first recombination key and the third recombination key.
 15. The system of claim 13, wherein the fourth recombination key is a concatenation of the first recombination key and the third recombination key.
 16. The system of claim 13, wherein the source device, the intermediary device and/or the target device is a human-wearable device.
 17. The system of claim 13, wherein: the target device is an Internet of Things device requiring authentication of a user; the secure communication comprises authentication information relating to the user; and the secure communication enables the user to authenticate into the target device.
 18. The system of claim 17, wherein said authentication into comprises entering a user identifier and password into the target device.
 19. The system of claim 18, wherein: the secure communication comprises an authentication channel for the user identifier and password, said authentication channel enables authentication into the target device.